|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Strong Name Sandboxed AppDomain and GAC Problem with pluginsI am looking to setup a plugin architecture for a project I am working on. My main application is signed, I would like all libraries that I load in my sandbox AppDomain to all be signed with the same key. It was all going very well until a requirement of the project was for these plugins to be stored in the GAC. It appears that executing an application on the app domain or loading a dll from disk will throw security exceptions if they are not signed with the same key. However, GAC loads will occur even if they are signed with different keys. Please see the below code example with comments regarding my problem. Thanks, Gary Code Example: // Create an application domain AppDomain mxlSandboxDomain = AppDomain.CreateDomain ( "PluginSandbox" ); PolicyLevel domainPolicy = PolicyLevel.CreateAppDomainLevel (); // Set the application domain to have a StrongNameMembershipCondition on the // public key of the executing assembly StrongNameMembershipCondition snCodeMC = new StrongNameMembershipCondition ( new StrongNamePublicKeyBlob ( System.Reflection.Assembly.GetExecutingAssembly () .GetName ().GetPublicKey () ), null, null ); // Allow plugins to do anything PermissionSet fullTrustPermissionSet = domainPolicy.GetNamedPermissionSet ( "FullTrust" ); PolicyStatement fullTrustPolicyStatement = new PolicyStatement ( fullTrustPermissionSet ); CodeGroup allCodeFulltrustCG = new UnionCodeGroup ( snCodeMC, fullTrustPolicyStatement ); domainPolicy.RootCodeGroup = allCodeFulltrustCG; SandboxDomain.SetAppDomainPolicy ( domainPolicy ); // The following line loads fine without throwing a SecurityException even if RandomDllInGac // is not signed with the StrongName of the executing assembly. SandboxDomain.Load ( "RandomDllInGac, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" ); // The below line will fail because it is not signed mxlSandboxDomain.ExecuteAssembly ( "myFile.exe" ); Assemblies in the GAC are granted irrevocable full trust under .NET 2.0.
Even if this were not the case, you would still have a potential problem since delay signed assemblies would meet your membership criterion if they had been registered for verification skipping. One workaround to both problems would be to verify the assembly signature prior to loading it using StrongNameSignatureVerificationEx (see http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx for details). Show quoteHide quote "gary" <gbre***@gmail.com> wrote in message news:1155541517.868703.113800@p79g2000cwp.googlegroups.com... > G'Day, > > I am looking to setup a plugin architecture for a project I am working > on. > > My main application is signed, I would like all libraries that I load > in my sandbox AppDomain to all be signed with the same key. > > It was all going very well until a requirement of the project was for > these plugins to be stored in the GAC. > > It appears that executing an application on the app domain or loading a > dll from disk will throw security exceptions if they are not signed > with the same key. However, GAC loads will occur even if they are > signed with different keys. > > Please see the below code example with comments regarding my problem. > > > Thanks, > > Gary > > > > > > Code Example: > > // Create an application domain > > AppDomain mxlSandboxDomain = AppDomain.CreateDomain ( "PluginSandbox" > ); > > PolicyLevel domainPolicy = PolicyLevel.CreateAppDomainLevel (); > > > // Set the application domain to have a StrongNameMembershipCondition > on the > // public key of the executing assembly > > StrongNameMembershipCondition snCodeMC = new > StrongNameMembershipCondition ( > new StrongNamePublicKeyBlob ( > System.Reflection.Assembly.GetExecutingAssembly () > .GetName ().GetPublicKey () ), null, null ); > > > // Allow plugins to do anything > > PermissionSet fullTrustPermissionSet = > domainPolicy.GetNamedPermissionSet ( "FullTrust" ); > PolicyStatement fullTrustPolicyStatement = new PolicyStatement ( > fullTrustPermissionSet ); > CodeGroup allCodeFulltrustCG = new UnionCodeGroup ( snCodeMC, > fullTrustPolicyStatement ); > domainPolicy.RootCodeGroup = allCodeFulltrustCG; > > > SandboxDomain.SetAppDomainPolicy ( domainPolicy ); > > > // The following line loads fine without throwing a SecurityException > even if RandomDllInGac > // is not signed with the StrongName of the executing assembly. > > SandboxDomain.Load ( "RandomDllInGac, Version=1.0.5000.0, > Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" ); > > > // The below line will fail because it is not signed > > mxlSandboxDomain.ExecuteAssembly ( "myFile.exe" ); > 
Other interesting topics
password salting
Running .NET 2.0 App from UNC - Windows 2000 Server vs Windows XP Pro How to SELECT records based upon ASP.NET Roles CAS Policy issue Huge problem consuming .net event in JScript code load CAPICOM Certificate from X509Certificate Windows Authentication when Web Server is in DMZ Web Service, Authentication, Security & Domains GetAccess Control for Directory Can I run a service with a user profile |
|||||||||||||||||||||||
